
Research On Traceability Technology Of Ransomware

Posted on: 2020-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Wang
GTID: 2428330572972249
Subject: Computer Science and Technology

Abstract/Summary:
Ransomware is a type of malicious software that encrypts data or locks the device in order to extort a ransom. How to deal with the ransomware threat and avoid serious damage to data and property has become a common challenge for both academia and industry. This paper first introduces the development process and life cycle of ransomware. It then introduces the mechanism of ransomware from four aspects: attack target, life cycle, security threat, and attack mode. After that, the key technology of each stage is summed up. According to the characteristics of each stage, this paper summarizes the existing detection and confrontation technology.

While various ransomware defense systems have been proposed to deal with traditional randomly-spread ransomware attacks, none of them considered ransomware attacks that precisely aim at specific hosts. To address this problem, we propose a systematic method to fight ransomware by trapping attackers via a network deception environment and then using traceback techniques to identify attack sources. According to the attack and defense characteristics of ransomware, this paper proposes a ransomware auxiliary traceback system. First, it traps the ransomware attacker via a network deception environment. Second, we developed various monitors in the proposed deception environment to gather traceable clues about attackers. Lastly, based on machine learning and natural language processing technology, we further design an analysis system that automatically extracts and analyzes the collected clues.

Our evaluation, in which 122 volunteers were invited to simulate ransomware attacks, shows that the proposed system can trap the adversary in the deception environment and significantly improve the efficiency of clue analysis. In addition, it is able to recognize the clues that identify the attacker and the ransomware maker; the screening rate reaches 98%. Furthermore, it also helps us trace back ransomware attackers and ransomware makers in practical applications.
Keywords/Search Tags: Ransomware, Attribute (traceback), Cyber deception, Automated analysis, Natural language processing, Machine learning